News & Blog

Encryption and Security, boring subjects until…

Security, backup, encryption etc. All these buzzwords that IT people throw around all the time, expecting business folks to understand them and then do something about it. And then one day it happens. I’d like to share a couple of stories. (Believe me we have many more!)

1. A friend of mine received an email from what seemed to be a credible source. It had a bunch of detailed information about him and his business that led him to that conclusion. The gist was that this company was going to help promote his products by putting the link to his website on theirs. “Please click on the link and see how we will help promote your company and of course please call us with any questions!”
Boom! Kiss of death! Clicked the link and after 4 months of hell, blue screens, slow machine and more he went and bought a new laptop and in the meantime tried to salvage what was left on the old one.

2. Working some years ago with a fairly large law firm who diligently backed everything up every night…..except that the data still resided on their laptops with NO encryption. When asked if they had ever thought of the implications of not doing so the answer was the one we hear all too often. “Well we’ve been okay so far!” Really!!

So here is my own personal story. Have you ever attended an afternoon meeting on a Friday with your laptop and work documents with you for the typical weekend homework? At the end of the meeting you connect with a peer to go over some additional topics as you are both walking out to head your separate ways? When you get home, panic sets in as you realize that you left your work bag at the meeting site (which happens to be a semi-public meeting area). Oh no, my laptop with all my work documents (including client level reports that I needed to prepare for a Monday morning meeting) are gone! Maybe a quick visit to the restroom is in order!

This actually happened to me not too long ago. After my initial wave of panic I called the facility, they were able to locate my bag and put it aside so that I could pick it up on Saturday. What a relief! What if I hadn’t been so lucky ignoring advice like the law firm above? What if someone else had come in, noticed an unattended laptop and just taken it? Maybe they were an enterprising person and would turn it on to find data they could profit from? As you can imagine, the initial thoughts running through my head were numerous, and included such things as notifying my insurance carrier about a potential breach, contacting my IT guys to get them to disable the account, and the inevitable letter that would have to go out to our customers! Man, this was not my day!

And then my anxiety turned into a wave of calmness as I remembered that my laptop was fully encrypted (without my passphrase all the data is garbled and unusable) and all my data is synchronized to our servers. This was nothing more than a minor inconvenience. Oh sure, the laptop could have been stolen, which would have meant nothing more than having to get a new one (hmmm, maybe I’ll “forget” this at more meetings!)

So this turned out to be a non-event for me because we had taken the time to identify where our data may be at risk and implement the appropriate techniques to safeguard our clients’ data. More organizations than you can imagine do not do this. Oh, you may have policies in your employee handbook that forbid staff to put client data on thumb drives, laptops and the like, but the reality is that people are bringing work home with them almost every day, and some of that involves data that may compromise a persons’ identity. All it takes is one incident (an eager admin or ‘knowledge worker’ that is trying catch up over the weekend, stops at a coffee shop and the computer gets snagged off the front seat) to start a chain reaction that can set your company or agency back by months, if not years. Even if you are savvy enough to have insurance in place (which will protect you monetarily), the bad public relations will take a much longer time to overcome.

Technology has finally caught up in this area, and should be an important part of your company’s toolkit for safeguarding your clients and your own data. As you can see from my own story, we practice what we preach and guess what, we’re really good at it! If you want to find out more about how we protect ourselves and our clients, please feel free to contact me and see how we can help protect you as an individual as well as your company.